#!/usr/bin/env bash
# Author : Allan Christensen
# First Created : 05012022 (DD-MM-YYYY)
# Description : Installs MariaDB with socket auth on Ubuntu 24.04
# License : MIT License (see LICENSE file for details)
#
# Refuse to run unless the effective user is root
#
if (( $(id -u) != 0 )); then
  printf '\n%s\n\n' "Must be root or use sudo"
  exit 1
fi
#
# Paths used later in the script
#
mariaconfig='/etc/mysql/mariadb.conf.d/50-server.cnf'
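#
# Helpers that stop the installer when a service is already running
#
#######################################
# Print the "already running" notice for the service named in $service.
# Globals:   service (read)
# Outputs:   the notice, on stdout
#######################################
serviceyes () {
  # Quoted so the name is always exactly one printf argument; unquoted, a
  # name containing whitespace would be split and the format applied twice.
  printf "\n%s" "$service"
  printf " is already running cannot continue...\n\n"
}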
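#######################################
# Exit the script with status 1 when systemd reports the unit named in
# $service as "active"; otherwise return to the caller.
# Globals:   service (read)
# Outputs:   the serviceyes notice on stdout when the unit is active
#######################################
servicealive () {
  # local keeps the probe result out of the global namespace.
  local status
  # Quoted so the unit name reaches systemctl as a single argument.
  status=$(systemctl is-active "$service")
  if [[ "$status" == "active" ]]; then
    serviceyes
    exit 1
  fi
}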
#
# Print the help screen
#
usage () {
  # A single format is applied to each argument in turn, so every argument
  # below becomes exactly one output line (empty arguments give blank lines).
  printf -- '%s\n' \
    '' \
    'mariadbinstall' \
    '' \
    'Installs and configures MariaDB on Ubuntu 24.04' \
    'Note: Must be run as root or using sudo' \
    '' \
    'Usage:' \
    ' sudo ./mariadbinstall -u <adminuser> -p <password>' \
    ' sudo ./mariadbinstall -h (help screen)' \
    '' \
    'Example:' \
    ' sudo ./mariadbinstall -u adminuser -p strongpass' \
    ''
}
#
# Stop here if MariaDB is already running
#
service="mariadb"
servicealive
#
# Start from a clean terminal
#
clear
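#
# Argument handling: -u <adminuser> and -p <password> are both required
#
# NOTE: the password arrives as a command-line argument, so it can be
# recorded in shell history and is visible in the process list while the
# script runs.
#
# Start from empty values so that a variable of the same name inherited from
# the environment cannot stand in for a missing -u or -p.
adminuser=""
adminpwd=""
#
# No arguments at all: show the help screen and stop
#
if [[ $# -eq 0 ]]; then
  usage
  printf "ERROR: -u and -p REQUIRED!\n\n"
  exit 1
fi
#
# Parse arguments
#
while [[ $# -gt 0 ]]; do
  case "$1" in
    -u)
      # Step past the flag; what follows must be a non-empty value.
      shift
      if [[ -z "$1" ]]; then
        usage
        printf "ERROR: USERNAME CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminuser="$1"
      shift
      ;;
    -p)
      shift
      if [[ -z "$1" ]]; then
        usage
        printf "ERROR: PASSWORD CANNOT BE EMPTY!\n\n"
        exit 1
      fi
      adminpwd="$1"
      shift
      ;;
    -h)
      usage
      exit 0
      ;;
    *)
      # Anything else is an unknown option or a stray argument.
      usage
      printf "\nType: sudo %s -h for help\n\n" "$0"
      exit 1
      ;;
  esac
done
#
# Final sanity check: both values must have been supplied
#
if [[ -z "$adminuser" || -z "$adminpwd" ]]; then
  usage
  printf "\nERROR: Both -u and -p arguments are mandatory!\n\n"
  exit 1
fi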
#
# Username: only letters, digits, dot, underscore and dash are accepted
#
[[ "$adminuser" =~ ^[a-zA-Z0-9_.-]+$ ]] || {
  printf "\nERROR: Username contains invalid characters.\n"
  printf "Allowed characters: letters, digits, dot (.), underscore (_), and dash (-)\n\n"
  exit 1
}
#
# Password: whitespace and backslashes are rejected. Nothing here checks
# password strength.
# NOTE(review): single quotes are accepted by these checks, although the
# password is later embedded in a single-quoted SQL string (CREATE USER);
# that statement has to escape them, or this check has to reject them.
#
[[ "$adminpwd" =~ [[:space:]] ]] && {
  printf "\nERROR: Password cannot contain spaces.\n\n"
  exit 1
}
[[ "$adminpwd" =~ [\\] ]] && {
  printf "\nERROR: Password cannot contain backslashes (\\).\n\n"
  exit 1
}
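#
# Install MariaDB
#
# apt-get is used rather than apt: apt warns that its command-line interface
# is not stable for use in scripts. A failed install stops the script here,
# so the later steps never edit a missing config file or report success
# against a server that was not installed.
if ! apt-get install -y mariadb-server mariadb-client; then
  printf "\nERROR: MariaDB package installation failed.\n\n" >&2
  exit 1
fi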
#
# Turn on the error log: strip the first character (the leading '#') from
# the commented-out log_error line in the server config.
# Comment this command out if you don't need the error log.
#
sed -i -e '\|#log_error = /var/log/mysql/error.log| s/^.//' "$mariaconfig"
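#
# Apply MariaDB hardening (non-interactive, safe for socket auth)
#
# The quoted 'EOF' delimiter stops the shell from expanding anything inside
# the SQL. --force lets the client carry on after a failing statement and
# stderr is discarded, so the exit status is the only signal left; it is
# checked below so that a run where the client could not do its work (for
# example, no connection to the server) does not pass unnoticed.
if ! mysql --force 2>/dev/null <<'EOF'
-- Remove anonymous users
DELETE FROM mysql.global_priv WHERE User='';

-- Remove remote root access
DELETE FROM mysql.global_priv WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');

-- Drop test database
DROP DATABASE IF EXISTS test;

-- Remove test DB privileges
DELETE FROM mysql.db WHERE Db='test' OR Db='test\_%';

-- Apply changes
FLUSH PRIVILEGES;
EOF
then
  # Non-fatal: hardening stays best-effort, but the operator is told to verify.
  printf "\nWARNING: MariaDB hardening did not complete cleanly.\n" >&2
  printf "Verify anonymous users, remote root access and the test database manually.\n\n" >&2
fi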
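#
# Create the admin user; root remains socket-authenticated by default
#
# The new account gets ALL PRIVILEGES WITH GRANT OPTION, i.e. it is a
# password-authenticated equivalent of root on localhost.
#
# The password is placed inside a single-quoted SQL string, so every single
# quote in it is doubled first. Without this, a password containing ' would
# close the string early and the remainder would be read as SQL by a client
# running as root. Backslashes, the other escape character in such a string,
# are rejected by the argument validation earlier in this script, and the
# username is limited there to [a-zA-Z0-9_.-], so it needs no escaping.
sq="'"
adminpwd_sql=${adminpwd//"$sq"/$sq$sq}
# stderr stays discarded: a server error message can quote part of the
# failing statement, and this statement contains the password. The exit
# status is checked instead, so a failed run does not go on to save and
# print credentials for an account that may not exist.
if ! mysql --force 2>/dev/null <<EOF
CREATE USER IF NOT EXISTS '${adminuser}'@'localhost' IDENTIFIED BY '${adminpwd_sql}';
GRANT ALL PRIVILEGES ON *.* TO '${adminuser}'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EOF
then
  printf "\nERROR: Could not create admin user %s.\n\n" "$adminuser" >&2
  exit 1
fi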
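#
# Restart MariaDB (presumably so the edited server config is picked up)
#
# A failed restart stops the script: reporting "All Done" with the database
# down would be misleading.
if ! systemctl restart mariadb; then
  printf "\nERROR: MariaDB failed to restart. Check: systemctl status mariadb\n\n" >&2
  exit 1
fi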
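#
# Save credentials in a file only root can read
#
# The password is stored in clear text; the closing message asks the
# operator to delete the file once it is no longer needed.
secretfile="/root/MARIADBSECRET"
# Remove any earlier copy first: writing into an existing file keeps that
# file's current mode until the chmod below runs.
rm -f -- "$secretfile"
# Create the file under a restrictive umask so it is never readable by other
# users, not even between creation and chmod. The subshell keeps the umask
# change from affecting the rest of the script.
(
  umask 077
  printf "Admin User : %s\nAdmin Pass : %s\n" "$adminuser" "$adminpwd" > "$secretfile"
)
chmod 400 "$secretfile"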
#
# Final summary
#
# NOTE: the password is printed to the terminal in clear text, so it can end
# up in scrollback or in any capture of this session.
printf "\n%s\n\n" "All Done..."
printf -- "%s\n" "--------------------------------------------"
# One format, two label/value pairs: printf repeats the format per pair.
printf " %s : %s\n" "Admin User" "$adminuser" "Admin Pass" "$adminpwd"
printf -- "%s\n\n" "--------------------------------------------"
printf "%s %s\n" "Credentials have been saved to:" "$secretfile"
printf "%s\n\n" "Make sure to DELETE this once you are ready!"
#
# End of script
#